Methods of monitoring behavior/activity of an individual associated with an organization

ABSTRACT

A cooperative arrangement and method to monitor behaviors and other activities by an individual in an organization. Personal financial information associated with an individual who is associated with, or to be associated with, the organization are obtained. Information is extracted from the personal financial information and input into a risk assessment algorithm. The risk assessment algorithm operates on the input information and generates risk assessment data. The risk assessment data is evaluated to make a determination of certification with respect to the individual. A decision to certify means that the risk associated with the individual, with respect to committing fraud or some other improper act with respect to the organization, is acceptable. Risk assessment data on a plurality of key individuals within the organization may be generated and evaluated to make a determination of certification with respect to the organization as a whole.

CROSS-REFERENCE TO RELATED APPLICATIONS/INCORPORATION BY REFERENCE

This U.S. patent application claims priority to and is a continuationpatent application of pending U.S. patent application Ser. No.13/603,999 filed on Sep. 5, 2012 which claims priority to and is acontinuation patent application of U.S. patent application Ser. No.11/463,678 filed on Aug. 10, 2006 which is incorporated herein byreference in its entirety and which claims priority to and is acontinuation-in-part (CIP) patent application of U.S. patent applicationSer. No. 11/424,086, filed on Jun. 14, 2006 which is incorporated hereinby reference in its entirety.

TECHNICAL FIELD

Certain embodiments of the present invention relate to organizationalbehavior such as, for example, behavior of an individual when operatingwithin a legal entity such as a corporation. More particularly, certainembodiments of the present invention relate to methods of deterringfraud and other improper behaviors of individuals associated with anorganization by reducing the risks of financial self-dealing andself-enrichment associated with the people who are responsible forvarious aspects of the organization.

BACKGROUND OF THE INVENTION

Corporate fraud is perpetrated by individuals, and a leading fraudindicator is the individual's personal financial behaviors. How anindividual earns, saves, invests, manages, and spends money are keyfactors. Typically, fraud and embezzlement begins with the individualtelling himself, “ . . . just this once, I'll pay it back.” But oncethat line is crossed, the individual rarely turns back. It becomeseasier and easier, with the amount embezzled steadily increasing beforebeing detected, if at all.

The core of the problem is a breach of fiduciary duty by the trustees ofthe investors' interests (i.e., the board of directors and management).A passive, non-independent, and rubber-stamping board of directors madeup of members selected by the CEO or chairman of the board is not aguarantee of effective oversight of management actions and conduct.

However, management teams that place personal interests above investordemand for value creation when conducting the affairs of the corporationincur a systemic conflict of interest. In the past, breaches offiduciary duty by management and boards of directors were sometimescondoned by auditors who lacked independence and possessed limitedcapability and authority to challenge management.

The Sarbanes-Oxley Act (SOA), signed into law on Jul. 30, 2002 wasdesigned to protect America's shareholders and workers and gave theFederal Government new powers to enforce corporate responsibility and toimprove oversight of corporate America. This legislation gave new powerto prosecutors and regulators seeking to improve corporateresponsibility and protect America's shareholders and workers. Amongother reforms, the legislation:

-   -   created a new accounting oversight board to police the practices        of the accounting profession;    -   strengthened auditor independence rules;    -   increased the accountability of officers and directors;    -   enhanced the timeliness and quality of financial reports of        public companies;    -   barred insiders from selling stock during blackout periods when        workers are unable to change their 401(K) plans;    -   created a new securities fraud provision with a 25-year maximum        term of imprisonment;    -   directed the Sentencing Commission to review sentencing in white        collar crime, obstruction of justice, securities, accounting,        and pension fraud cases;    -   required CEOs and Chief Financial Officers (CFOs) to personally        certify that financial reports submitted to the SEC fully comply        with the securities laws and fairly present, in all material        respects, the financial condition of the company;    -   made it a crime to willfully certify any such financial report        knowing the same to be false or non-compliant, punishable by up        to 20-years in prison;    -   criminalized the alteration or falsification of any document        with the intent to obstruct the investigation of any matter        within the jurisdiction of a United States Department or Agency;    -   criminalized retaliatory conduct directed at corporate        whistleblowers and others; and    -   required that audit papers be retained for five years and        criminalized the failure to maintain such records.

The Sarbanes-Oxley Act places considerable emphasis on correcting laxcorporate governance practices, including:

-   -   management dealing in an environment full of pervasive conflicts        of interest;    -   lack of strict transparency, reliability, and accuracy standards        in financial reporting;    -   lack of independence between the key players in corporate        governance, beginning with the board of directors, senior        management, and auditors;    -   lack of adequate enforcement tools for regulators; and    -   widespread conflicts of interest influencing securities market        transactions.

Addressing the systemic weakness of the corporate governance practicesin the post-Sarbanes-Oxley corporate environment requires more thancorrecting the most visible manifestations of the problem. Weakgovernance practices are the combined result of several offenders andlax controls over the performance of both management and the board ofdirectors.

Laws and regulations have never been sufficient to guarantee society'swelfare or, in this case, improvement in corporate governance standards.In many ways, Sarbanes-Oxley has merely made express the duties andresponsibilities of boards, CEOs, and CFOs and taken away from them theability to point a finger at someone else if fraud and abuse occur at acompany covered by Sarbanes-Oxley. However, these duties existed beforeSarbanes-Oxley was enacted albeit in less explicit fashion. While it maybe comforting to some that Sarbanes-Oxley has eliminated the ability ofsenior management to claim they did not know or were not aware, this isstill unlikely to prevent people from committing the types of fraud andabuse that led to the passage of Sarbanes-Oxley in the first place.

While Sarbanes-Oxley, in its current or future form, will play anecessary role in ensuring that U.S. companies avoid certain excesses,the market and investors should continue to seek out solutions that aredriven by market needs that help restore and maintain the confidence ofinvestors in public companies.

Accountability is the key. The owners of America's corporations (i.e.,the stockholders) must hold managers, directors, auditors, and marketparticipants accountable. The performance of these groups directlyimpacts shareholder value. The corporate governance process must bere-engineered into one that guarantees performance excellence bymanagement and the board of directors when performing their agencyduties as trustees of shareholder confidence.

Although implementing corporate governance best practices can result inadditional operating costs, good corporate governance is not an optionbut an obligation, if shareholder interest is to be protected.Compliance costs are only a small fraction of the large losses sufferedby stockholders because the board and/or executive management did notcomply with good corporate governance practices. Sarbanes-Oxley hastaken great steps at ensuring proper corporate governance and has putsome teeth into board and management penalties for non-compliance.

Sarbanes-Oxley, in its present form, is a good first step in combatingabuses. However, additional protections should be put in place whichcomplement Sarbanes-Oxely by more directly addressing those problemswhich Sarbanes-Oxley, by itself, cannot solve such as, for example,fraud prevention.

Further limitations and disadvantages of conventional, traditional, andproposed approaches will become apparent to one of skill in the art,through comparison of such systems and methods with the presentinvention as set forth in the remainder of the present application withreference to the drawings.

BRIEF SUMMARY OF THE INVENTION

A first embodiment of the present invention comprises a method tomonitor the behavior/activity of an individual associated with anorganization. The method includes obtaining a personal financialdisclosure statement of an individual person associated with orpotentially to be associated with the organization and also obtainingpersonal financial records and other relevant financial data of theindividual person. The method further includes inputting firstinformation from the personal financial disclosure statement, thepersonal financial records, and the other relevant financial data into arisk assessment algorithm. The method also includes the risk assessmentalgorithm operating on the first input information and therebygenerating first risk assessment data. The method further includesevaluating the first risk assessment data and thereby making a firstdetermination of certification with respect to the individual person.

A second embodiment of the present invention comprises a method tomonitor the behavior/activity of individuals associated with anorganization. The method comprises obtaining a personal financialdisclosure statement, personal financial records, and other relevantfinancial data for each of a plurality of individual persons associatedwith the organization. The method further comprises inputting firstinformation from each of the personal financial disclosure statements,each of the personal financial records, and each of the other relevantfinancial data into a risk assessment algorithm. The method alsocomprises the risk assessment algorithm operating on the first inputinformation and thereby generating first risk assessment data. Themethod further comprises evaluating the first risk assessment data andthereby making a first determination of certification with respect tothe organization.

A third embodiment of the present invention comprises a method tomonitor an individual person of an organization for behavioral risk. Themethod includes periodically obtaining updated personal financialrecords and other relevant financial data of an individual person thatis currently certified for risk with respect to the organization. Themethod further includes inputting, into a risk assessment algorithm,updated information from the updated personal financial records andother relevant financial data along with previous information from apreviously obtained personal financial disclosure statement of theindividual person. The method also includes the risk assessmentalgorithm operating on the input information and thereby generatingupdated risk assessment data. The method further includes evaluating theupdated risk assessment data and thereby making an updated determinationof certification with respect to the individual person.

All individuals who are in a position of materially affecting thefinancial performance or assets of an organization can apply forcertification, in accordance with an embodiment of the presentinvention. The individual completes a financial disclosure statement andgives the certifying entity permission to review their past and/orpresent financial behaviors for, for example, the past 5 to 10 yearsdepending on position(s) held. If the employee meets the risk criteria,they are certified. Such a certification process helps to drive theright behaviors of individuals.

If, at any time during the certification period, issues of concern areidentified, the corresponding event is investigated for accuracy and,depending on the results of the investigation, certification may besuspended, cancelled, re-rated, or left unchanged. The certificationentity, in accordance with an embodiment of the present invention, is anevaluator of risk (preferably an independent evaluator of risk, butpossibly a self-policing evaluator of risk). The oversight andindependent monitoring of key individuals are provided, thus identifyingthose most likely to be a fraud risk. Certain embodiments of the presentinvention use risk models which are based on a complex algorithm ofpredictive financial modeling, and not on biographical data which couldbe used for profiling.

These and other advantages and novel features of the present invention,as well as details of illustrated embodiments thereof, will be morefully understood from the following description and drawings.

BRIEF DESCRIPTION OF SEVERAL VIEWS OF THE DRAWINGS

FIG. 1 is a functional block diagram of an embodiment of a cooperativearrangement to monitor the behavior/activity of an individual associatedwith an organization, in accordance with various aspects of the presentinvention.

FIG. 2 illustrates a flowchart of a first embodiment of a method tomonitor the behavior/activity of an individual associated with anorganization using the cooperative arrangement of FIG. 1, in accordancewith various aspects of the present invention.

FIG. 3 illustrates a flowchart of a second embodiment of a method tomonitor the behavior/activity of individuals associated with anorganization using the cooperative arrangement of FIG. 1, in accordancewith various aspects of the present invention.

FIG. 4 illustrates a flowchart of an embodiment of a method to monitoran individual of an organization for risk using the cooperativearrangement of FIG. 1, in accordance with various aspects of the presentinvention.

DETAILED DESCRIPTION OF THE INVENTION

As used herein, the term “organization” generally refers to apublicly-held corporation, a non-publicly held corporation, a privatebusiness, a for-profit business, a not-for-profit entity, a governmententity, an athletic organization, or any other type of organizationwhere it may be desirable to implement embodiments of the presentinvention. As used herein, the term “agent” refers to any individualperson in a position of responsibility and/or trust with respect to anorganization, including but not limited to an officer of theorganization, an employee of the organization, a member of the board ofdirectors of an organization, a major stockholder of the organization,an athlete, and anyone who has the ability to over-ride governance,policies, procedures, and controls of the organization if they exist, orwho has the ability to over-ride public laws or good practices. As usedherein, the term “risk” generally refers to the risk associated with thelikelihood of an agent to commit fraud or some other improper act withrespect to the organization. As used herein, the term “independent”means not associated with another entity in terms of ownership orcontrol.

FIG. 1 is a functional block diagram of an embodiment of a cooperativearrangement 100 to monitor the behavior/activity of an individualassociated with an organization, in accordance with various aspects ofthe present invention. The cooperative arrangement 100 comprises acertification entity 105 which includes a risk assessment algorithm 110and a certification evaluation process 120. The cooperative arrangement100 further comprises an underwriting entity 130, as an option, and aninvestigation entity 140. The risk assessment algorithm 110 is adaptedto accept information from at least one personal financial disclosurestatement 150 and at least one set of personal financial records 160 andother relevant financial data. Each personal financial disclosurestatement 150 and each set of personal financial records 160 and otherrelevant financial data is associated with one individual person (e.g.,an agent of the organization). In accordance with certain embodiments ofthe present invention, the agent has the choice to proceed or not withthe certification process. That is, the agent may or may not give hisinformed consent to engage in the certifying process and may or may notgive permissive use of his financial records and data.

In accordance with an embodiment of the present invention, thecertifying entity 105 is preferably, but not necessarily, independent ofboth the individual persons to be certified and the organization. Therisk assessment algorithm 110 operates on the input information from thepersonal financial disclosure statement(s) 150 and the set(s) ofpersonal financial records 160 and other relevant financial data andgenerates risk assessment data 115. The risk that is being assessed isthe likelihood that an individual person (i.e., agent) will attempt tocommit fraud or other improper actions against the organization. Therisk assessment data 115 is input to the certification evaluationprocess 120. The certification evaluation process 120 evaluates the riskassessment data 115 to make a determination of certification 170 withrespect to one of an individual person (e.g., an agent of theorganization) or to the organization itself.

If the determination of certification 170 is “yes” (i.e., to certify),then a record of certification 180 is created (i.e., the paperwork,record, or computer file verifying that the person is certified), forthe individual person or the organization. This may or may not take theform of issuing a certificate of certification. As an option, theunderwriting entity 130 is used to conduct an underwriting procedure.That is, the underwriting entity 130 is used to generate and issue, orupdate, an insurance policy or fidelity bonding policy 190 in responseto the certification results 174 of the evaluation process 120. Forexample, the certified agent may be added to the policy. In general,however, the underwriting entity 130 will typically make its ownindependent evaluation and may or may not use the certification results174 in determining underwriting status (i.e., the underwriting entity isnot bound by the certification results).

When the decision is “to certify”, the certification entity 105 issaying that the risk associated with the agent, with respect tocommitting fraud or some other improper act with respect to theorganization, is acceptable. If the determination of certification 170is “no” (i.e., not to certify), then documented reasons for notcertifying 172 are generated and forwarded to the investigation entity140.

In accordance with an embodiment of the present invention, theinvestigation entity 140 performs an investigation based on thedocumented reasons for not certifying 172 and generates a set ofinvestigative results 145. Information from the investigative results145 may be input back into the risk assessment algorithm 110, along withthe personal financial disclosure statement 150 and the set of personalfinancial records 160 and other relevant financial data to generate asecond set of risk assessment data 115 (i.e., investigation-based riskassessment data). As part of the investigation, the investigative entity140 may ask for additional information from the agent to be certified,or may wish to interview the agent to be certified.

The second risk assessment data 115 is input to the certificationevaluation process 120. The certification evaluation process 120evaluates the second risk assessment data 115 to make a new investigateddetermination of certification 170 with respect to one of an individualperson (e.g., an agent of the organization) or the organization itself.Based on the additional information from the investigative results 145,the second risk assessment data 115 and, therefore, the newdetermination of certification 170 may be the same as (i.e., “no”) ordifferent from (i.e., “yes”) the original determination of certification170. As a practical matter, there may be a limit to the number of timesthat a result of “no” or “do not certify” will be investigated. That is,at some point, the attempts to certify the agent will be stopped.

In accordance with an alternative embodiment of the present invention,financial records and other relevant financial data of other personsassociated with the agent to be certified may be obtained and input intothe risk assessment algorithm 110 along with the information from theagent to be certified. Such other persons may include, for example, aspouse, a child, a sibling, a business partner, or a parent of the agentto be certified. Such information of other persons may be helpful if,for example, an unscrupulous individual were to try to hide embezzledfunds in an account that is in the name of a close relative.

FIG. 2 illustrates a flowchart of a first embodiment of a method 200which may be performed (i.e., conducted) to monitor thebehavior/activity of an individual associated with an organization usingthe cooperative arrangement 100 of FIG. 1, in accordance with variousaspects of the present invention. In step 210, a personal financialdisclosure statement of an individual person, associated with orpotentially to be associated with an organization, is obtained. In step220, personal financial records and other relevant financial data of theindividual person are obtained. In accordance with an embodiment of thepresent invention, step 220 is performed only if the individual persongives permission. In step 230, first information from the personalfinancial disclosure statement, the personal financial records, andother relevant financial data is input into a risk assessment algorithm.In step 240, the risk assessment algorithm operates on the first inputinformation and thereby generates first risk assessment data. In step250, the first risk assessment data is evaluated to make a firstdetermination of certification with respect to the individual person. Inaccordance with an alternative embodiment of the present invention,information from personal financial records and other relevant financialdata are used. A personal financial disclosure statement is may not beobtained.

As an example, referring to FIG. 1, an agent of a corporation is to becertified for risk by the certification entity 105. In accordance withan embodiment of the present invention, the certification entity 105 ispreferably, but not necessarily, an independent entity which is in thebusiness of certifying individual agents of other organizations (e.g.,publicly held corporations, non-publicly held corporations, governmententities), for example. Such certification helps to ensure that theagent being certified is likely to comply with policies, procedures,rules, best practices, ethical and moral standards, and controls of theorganization such as, for example, complying with Sarbanes-Oxleyregulations. Such certification also helps to ensure that the agentbeing certified is likely to not engage in fraudulent activities suchas, for example, embezzlement of funds, or other improper behaviors.

Continuing with the example, the agent registers with the certifyingentity 105 and provides a personal financial disclosure statement 150 tothe certification entity 105. Information provided on the personalfinancial disclosure statement may include, for example, informationrelated to assets (e.g., home ownership), and liabilities (e.g., creditcard debt) of the agent as well as income (e.g., a salary). The agentalso gives permission to the certification entity 105 to obtain past andpresent personal financial records 160 and other relevant financial datasuch as, for example, tax return records, treasury records, real estaterecords, banking records, a credit report, and a Fair Isaac Company(FICO) score.

Information is extracted from the personal financial disclosurestatement 150 and the personal financial records 160 and other relevantfinancial data and is input into the risk assessment algorithm 110. Therisk assessment algorithm 110 operates on the input information andgenerates risk assessment data 115. The risk assessment data 115 mayinclude, for example, detected discrepancies found when comparing theagent's personal financial disclosure statement 150 and the personalfinancial records 160. For example, an income discrepancy may be found.Also, evidence of irresponsible behavior may be detected (e.g., notpaying minimum balances due on credit cards), evidence of suspiciousbehavior may be found (e.g., an unusual transfer of funds, a sudden moveor change of residence), and an assessment of financial stability may bemade (e.g., an assessment of “unstable” because the bank is about toforeclose on the agent's home). Other risk assessment data are possibleas well, in accordance with various embodiments of the presentinvention. The weighting of these and other factors may vary by design.

Next, the risk assessment data 115 goes into the certificationevaluation process 120. In accordance with an embodiment of the presentinvention, the risk assessment data 115 is operated on by thecertification evaluation process 120 to generate a composite risk factorin response to the risk assessment data 115. The composite risk factoris a reliable indicator of the agent's level of risk with respect tofraudulent or other improper activity. In accordance with an embodimentof the present invention, the composite risk factor is a single numericvalue or score. The composite risk factor is compared to a thresholdvalue which is also a numeric value.

If the composite risk factor is greater than the threshold value, then adecision to “not certify” the agent is made. If the composite riskfactor is less than the threshold value, then a decision to “certify” ismade. In accordance with an alternative embodiment of the presentinvention, if the resultant composite risk factor is within a predefinedrange of values about the threshold value, a decision to “delaycertification” is made and further action is taken to determine if thecomposite risk factor can be lowered (i.e., if the risk can be reduced)in order to subsequently make a decision to “certify”. Other means ofcomparing a composite risk factor are possible as well, in accordancewith various other embodiments of the present invention.

In accordance with an alternative embodiment of the present invention,the risk assessment algorithm 110 and the certification evaluationprocess 120 are implemented as a single algorithm or process. Inaccordance with an embodiment of the present invention, the riskassessment algorithm 110 and/or the certification evaluation process 120are both implemented on a processor-based platform such as, for example,a personal computer (PC). In accordance with various embodiments of thepresent invention, the certification evaluation process 120 may beperformed manually by a human, or may be performed automatically by aprocessor-based platform (e.g., a PC).

In the case where a decision to “certify” is made, certification results174 may be generated and forwarded to the underwriting entity 130 as anoption. In accordance with an embodiment of the present invention, thecertification results 174 may include, for example, the resultantcomposite risk factor and the threshold value used, certain specifiedpersonal identification information of the certified agent and othercertain financial information associated with the agent that were usedto generate the composite risk factor. The underwriting entity 130 istypically an insurance company or a fidelity bonding entity, inaccordance with certain embodiments of the present invention, and ispreferably, but not necessarily, independent of the certification entity105 and the investigation entity 140.

In accordance with an embodiment of the present invention, underwritingincludes insuring the organization by accepting liability for designatedlosses arising from improper activities with respect to the organizationby the agent. The underwriting entity 130 takes the certificationresults 174 and underwrites the organization by generating or adjustingan insurance policy or bonding policy having terms, conditions, andpremium fees which are calculated in response to, at least in part, thecertification results 174.

For example, if the certified agent's calculated composite risk factoris well below the threshold value, then the insurance premium fees thatare to be paid for the insurance policy may be reduced or discountedfrom a standard rate of someone not having certification. Also, theterms and conditions of the insurance policy may be more favorable. Forexample, the amount of time that can pass before the agent is to bere-certified may be longer. Also, monitoring of the agent's futurepersonal financial activities may be less frequent. In accordance withan embodiment of the present invention, the insurance premiums may bepaid by the organization of the agent. As a result, the organization maybe able to eliminate other forms of bonding and/or insurance coverage.

If new financial information is obtained for an agent and processedthrough the certification entity 105 and the resultant updated compositerisk factor, based on the new information, is closer to the thresholdvalue than a previously calculated composite risk factor, then theunderwriting may be updated (i.e., premiums, terms and conditions may bere-calculated) as well based on the improved composite risk factor.Similarly, if the resultant updated composite risk factor is furtheraway from the threshold, even better underwriting premiums, terms, andconditions may be provided.

In the case where a decision to not certify is made, documented reasonsfor not certifying 172 are forwarded to the investigation entity 140. Inaccordance with an embodiment of the present invention, theinvestigation entity 140 is a private agency or entity with expertise ininvestigating personal financial matters of individuals. Theinvestigation entity 130 takes the documented reasons for not certifying172 and determines the underlying circumstances involved and generatescorresponding investigation results 145. In accordance with analternative embodiment of the present invention, the investigationentity 140 is not independent of the certifying entity 105 and/or theorganization. That is, self-policing may be performed.

For example, the agent's composite risk factor may be too high becausethe agent is seen to own shares of stock in a competing corporationwhich constitutes, at a minimum, a conflict of interest. Uponinvestigation, the investigative entity 140 determines that the sharesof stock were purchased for the agent as a child by his father manyyears ago. The agent had forgotten about the shares of stock and,therefore, failed to disclose them on his personal financial disclosurestatement 150. The investigative results 145 are then forwarded to thecertifying entity 105 along with a recommendation that the agent sellthe problematic shares of stock. Upon selling the shares of stock,information is extracted from the investigation results 145 and inputinto the risk assessment algorithm 110 along with the fact that theagent no longer owns the shares of stock, and along with the informationpreviously extracted from the agent's personal financial disclosurestatement 150, personal financial records 160 and other relevantfinancial data.

An updated set of risk assessment results 115 are generated and anupdated composite risk factor, which is substantially lower than theoriginal composite risk factor is generated. Upon comparing the updatedcomposite risk factor to the threshold value, a determination to“certify” the agent is made. As a result, the agent becomes certifiedand the underwriting process may proceed if desired.

In accordance with an embodiment of the present invention, the riskassessment algorithm 110 takes the input information and generates a setof internal parameters. The risk assessment algorithm then appliesweightings to the set of internal parameters and combines the weightedinternal parameters in a particular way to generate the risk assessmentresults 115. Certain weighted internal parameters and/or combinations ofweighted internal parameters may be applied to certain internalthresholds in a certain manner to generate particular risk assessmentresults 115 (e.g., binary risk assessment results).

In accordance with a further embodiment of the present invention, therisk assessment algorithm 110 is an evolutionary algorithm that canevolve over time as the risk assessment algorithm 110 is presented withnew training input information along with truth output datacorresponding to the input information. For example, information from aknown first group of agents who have deliberately not complied withcorporate governance rules and procedures and/or who are known to havecommitted fraud may be input into the risk assessment algorithm 110along with the fact that these agents should not be certified (i.e., thealgorithm should be able to adapt to generate risk assessment data 115that detects a problem with this first group of agents with respect torisk). Similarly, information from a known second group of agents whohave always complied with corporate governance rules and procedures andare known to have not committed fraud may be input into the riskassessment algorithm 110 along with the fact that these agents should becertified (i.e., the algorithm should be able to adapt to generate riskassessment data that does not detect a problem with this second group ofagents with respect to risk).

Similarly, in accordance with a still further embodiment of the presentinvention, the certification evaluation process 120 is an evolutionaryalgorithm that can evolve over time as the certification evaluationprocess 120 is presented with new training risk assessment data 115along with truth output data corresponding to the new risk assessmentdata 115. For example, when presented with the risk assessment data 115corresponding to the known agents who deliberately did not comply withcorporate governance rules and procedures and who committed fraud, thecertification evaluation process 120 may adapt in order to correctlygenerate a “do not certify” output at the certification determinationstep 170. Such an adaptation may involve adapting the formula forcalculating the composite risk factor and/or changing the thresholdvalue. Similarly, when presented with the risk assessment data 115corresponding to the known agents who always complied with corporategovernance rules and procedures and did not commit fraud, thecertification evaluation process 120 may adapt in order to correctlygenerate a “certify” output at the certification determination step 170.

Typically, the risk assessment algorithm 110, the certificationevaluation process 120, and the certification determination step 170 areallowed to evolve simultaneously in order to take into account the truthdata presented. Such evolutionary algorithms may be implemented as, forexample, genetic algorithms and/or neural network-based algorithms onprocessor-based platforms, in accordance with various embodiments of thepresent invention.

Just as a single individual can be certified (and optionallyunderwritten) for risk of fraud and other improper behaviors, an entireorganization may also be certified (and optionally underwritten), inaccordance with an embodiment of the present invention. FIG. 3illustrates a flowchart of a second embodiment of a method 300 which maybe performed (conducted) to monitor the behavior/activity of anindividual associated with an organization using the cooperativearrangement of FIG. 1, in accordance with various aspects of the presentinvention. In step 310, a personal financial disclosure statement ofeach of a plurality of individual persons associated with anorganization is obtained. In step 320, personal financial records ofeach of the individual persons and other relevant financial data areobtained. In step 330, first information is extracted and input fromeach of the personal financial disclosure statements, each of thepersonal financial records, and each of the other relevant financialdata into a risk assessment algorithm. In step 340, the risk assessmentalgorithm operates on the first input information and thereby generatesfirst risk assessment data. In step 350, the first risk assessment datais evaluated and thereby a determination of certification is made withrespect to the organization.

Therefore, by applying the cooperative arrangement 100 of FIG. 1 to allof the agents of an organization that handle or have direct or evenindirect input to any of the certified financial statements of theorganization, the entire organization may become certified, andoptionally underwritten, for risk of fraud and other improper behaviors,for example. Just as for an individual agent, a composite risk factormay be generated for the entire organization and compared to a thresholdvalue. The underwriting and/or investigative process illustrated in FIG.1 may be followed with respect to the entire organization (e.g., apublicly held corporation), based on assessing the risk associated witha plurality of agents.

Alternatively, the method 200 of FIG. 2 may simply be repeated for eachof the agents of the organization and, therefore, the organizationbecomes certified only after each of the agents is individuallycertified.

FIG. 4 illustrates a flowchart of an embodiment of a method 400 whichmay be performed (conducted) to monitor an individual of an organizationfor risk using the cooperative arrangement of FIG. 1, in accordance withvarious aspects of the present invention. In step 410 updated personalfinancial records of an individual that is currently certified for riskwith respect to an organization are periodically obtained. In step 420,updated information from the updated personal financial records andother relevant financial data is input into a risk assessment algorithmalong with previous information from a previously obtained personalfinancial disclosure statement of the individual. In step 430, the riskassessment algorithm operates on the input information and therebygenerates updated risk assessment data. In step 440, the updated riskassessment data is evaluated and an updated determination ofcertification is made with respect to the individual.

For example, an agent of an independent corporation who is currentlycertified and covered under the organization's insurance policy 190 maybe required to allow updated (i.e., most-recent) personal financialrecords to be obtained by the certifying entity 105 every fiscalquarter, in accordance with the terms of the corresponding policy 190.As a result, the certifying entity 105 is able to effectively monitorthe agent to see if any significant changes in his/her personalfinancial status has changed that could affect the agent's risk ofcommitting fraud or other improper activities with respect to theindependent corporation. Another agent of the independent corporationmay be required to provide updated personal financial records only oncea year, because of the agent's superior certification status (i.e.,lower composite risk factor) and superior underwriting status.

In accordance with an alternative embodiment of the present invention,the financial status of an agent may be, effectively, continuouslymonitored. That is, as soon as updated financial information or data foran agent becomes available, the information is immediately input to therisk assessment algorithm and processed. The agent's financial behavioris effectively tracked.

If the agent's status changes from “certify” to “do not certify”, thenthe investigative process previously described may be triggered andfollowed. As another example, if the agent's status remains “certify”but the agent's composite risk factor has changed (i.e., increased ordecreased), the terms and conditions and/or premiums of the associatedunderwriting policy for the agent's company, if there is one, may beupdated to reflect the changed risk. If no significant changes result,the previous certifying and underwriting status may be maintained.

In accordance with an alternative embodiment of the present invention,the agent may be required to provide an updated personal financialdisclosure statement which is then also used in the monitoring process.

The method 400 of FIG. 4 also can also serve as a first indicator ofidentity theft for the monitored agent. Any unusual activity due to anyform of identity theft may be detected by the certifying entity 105, orby the investigating entity 140. For example, if the agent's credit cardnumber is stolen and used in such a way that would be considered unusualfor the agent (e.g., sudden fluctuations in the account balance areseen), such an unauthorized use may be detected by the risk assessmentalgorithm 110.

Employees of the organization for which the agent works may beencouraged to report any observed misconduct on the part of the agent topersons in charge of the certifying entity 105. In this way, a reportingemployee is reporting to an entity which may or may not be independentof his/her employer and, therefore, may be less reluctant to report suchmisconduct without fear of retaliation from the employer (i.e., from theorganization for which the agent and the reporting employee areemployed).

In accordance with an alternative embodiment of the present invention,there may be multiple levels or degrees of certification. For example,“gold”, “silver”, and “bronze” levels of certification may be definedbased on ranges of possible numeric values that the composite riskfactor can take on. As another example, levels of certification may bedefined based on a number of years that an agent has been certified(e.g., 5-years certified, 10-years certified, etc.).

In accordance with a further alternative embodiment of the presentinvention, certification may be directed to particular positions withina company. For example, the composite risk factor requirement for a CEOmay be different than that for a head of marketing. As another example,the exact risk assessment algorithm used may be somewhat different for aCEO than for a head of marketing.

In accordance with various embodiments of the present invention,certification may be mandatory or may be voluntary. For example, theremay be an employee of an organization that is not required to becertified but would like to go through the certification process(possibly excluding the underwriting part of the process) in order toestablish himself as an exemplary person of trustworthiness. Such avoluntary certification could help the employee gain a promotion into aposition of higher responsibility, for example.

As another example, a private employer (i.e., not a publicly heldcompany) may decide that all of his employees must become certified, inaccordance with an embodiment of the present invention, in order toremain or become employed at his private company. That is, certificationis a condition of employment. Such a mandatory pre-requisite foremployment can allow the private employer to hire and retain only thosepeople that are trustworthy.

In summary, a cooperative arrangement and methods of helping to deterfraud and other improper activities within an organization aredisclosed. Financial information is collected for at least oneindividual of the organization and fed into a risk assessment algorithmto determine a level of risk with respect to the individual. If thelevel of risk is acceptable, the individual may be certified andoptionally underwritten in order to protect the organization against anylosses incurred arising from improper conduct by the individual withrespect to the organization.

While the invention has been described with reference to certainembodiments, it will be understood by those skilled in the art thatvarious changes may be made and equivalents may be substituted withoutdeparting from the scope of the invention. In addition, manymodifications may be made to adapt a particular situation or material tothe teachings of the invention without departing from its scope.Therefore, it is intended that the invention not be limited to theparticular embodiment disclosed, but that the invention will include allembodiments falling within the scope of the appended claims.

What is claimed is:
 1. A method to monitor an individual person of anorganization for behavioral risk, said method comprising: (a)periodically obtaining updated personal financial records and otherupdated relevant personal financial data of an individual person that iscurrently certified for risk with respect to said organization; (b)inputting updated information from said updated personal financialrecords and other updated relevant personal financial data, along withprevious personal information from a previously obtained personalfinancial disclosure statement from said individual person, into a riskassessment algorithm implemented on a processor-based platform; (c) saidrisk assessment algorithm operating on said input information andthereby generating updated risk assessment data, wherein the updatedrisk assessment data includes data corresponding to one or more ofdetected discrepancies, evidence of irresponsible behavior, evidence ofsuspicious behavior, and evidence of instability; and (d) making anupdated determination of certification with respect to said individualperson.
 2. The method of claim 1, further comprising documenting reasonsfor not maintaining certification of said individual person when saiddetermination of certification is not to maintain certification.
 3. Themethod of claim 2, further comprising investigating said reasons for notmaintaining certification of said individual person and therebygenerating investigative results.
 4. The method of claim 3, furthercomprising inputting second information from said investigative results,said personal financial disclosure statement, said updated personalfinancial records, and said updated other relevant personal financialdata into said risk assessment algorithm.
 5. The method of claim 4,further comprising: said risk assessment algorithm operating on saidsecond input information and thereby generating investigation-based riskassessment data; and evaluating said investigation-based risk assessmentdata and thereby making an investigated determination of certificationwith respect to said individual person.
 6. The method of claim 1,wherein said updated personal financial records include one or more ofmost-recent tax return records, most-recent treasury records,most-recent real estate records, most-recent banking records, amost-recent credit report, and a current FICO score.
 7. The method ofclaim 1, wherein the step of said risk assessment algorithm operating onsaid input information and thereby generating updated risk assessmentdata comprises said risk assessment algorithm comparing information fromsaid personal financial disclosure statement with information from saidupdated personal financial records and said updated other relevantpersonal financial data, and thereby detecting any discrepancies.
 8. Themethod of claim 1, wherein the step of said risk assessment algorithmoperating on said input information and thereby generating updated riskassessment data comprises said risk assessment algorithm detectingevidence of irresponsible behavior on the part of said individualperson.
 9. The method of claim 1, wherein the step of said riskassessment algorithm operating on said input information and therebygenerating updated risk assessment data comprises said risk assessmentalgorithm generating data related to a financial stability of saidindividual person.
 10. The method of claim 1, wherein the step ofperiodically obtaining updated personal financial records and otherrelevant personal financial data of said individual person is onlyperformed when said individual person gives permission to perform saidstep.
 11. The method of claim 1, wherein the step of evaluating saidupdated risk assessment data and thereby making an updated determinationof certification with respect to said individual person comprises:generating an updated composite risk factor in response to said updatedrisk assessment data; and comparing said updated composite risk factorto a threshold value.
 12. The method of claim 11, wherein saiddetermination of certification is to maintain certification when saidupdated composite risk factor is below said threshold value.
 13. Themethod of claim 11, wherein said determination of certification is tonot maintain certification when said composite risk factor is above saidthreshold value.
 14. The method of claim 11, further comprising updatingan underwriting of said individual person when said determination is tomaintain certification and said updated composite risk factor is closerto said threshold value than a previously calculated composite riskfactor for said individual person.